CVE-2015-5017 Information

Feb 14, 2021 cve

Description

IBM Maximo Asset Management 7.1 through 7.1.1.13 7.5.0 before 7.5.0.8 IFIX005 and 7.6.0 before 7.6.0.2 IFIX002; Maximo Asset Management 7.5.0 before 7.5.0.8 IFIX005 7.5.1 and 7.6.0 before 7.6.0.2 IFIX002 for SmartCloud Control Desk; and Maximo Asset Management 7.1 through 7.1.1.13 and 7.2 for Tivoli IT Asset Management for IT and certain other products allow remote authenticated users to bypass intended access restrictions and establish a login session by entering an expired password.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Reference

http://www-01.ibm.com/support/docview.wss?uid=swg21969052

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

5.4

Share on: